Boson Notes Flashcards
Differences between “switchport port-security restrict/protect/shutdown”
restrict: Interface will remain up if more than the max # of addresses are learned, but traffic from the violating devices is dropped and a log entry is generated
protect: same as restrict but no log is generated
shutdown: shuts down the port if more than max allowed MAC addresses are learned on the interface
Difference between alternate and backup port
Alternate: Will become root if root fails
Backup port: When connected to a hub
What’s the default priority for STP?
32786 [0-65535]
RSTP port types
P2P: switch to switch
Shared: connected to a hub (half-duplex)
Edge: connected to hosts
spanning-tree root primary, what is default priority in this case?
Default priority 24576, unless there is a switch with lower priority, then deduct increment of 4096
Four modes of VTP
Client, server, transparent, off
Requirements for VTP
Domain Name must match, they must have a trunk
ACL Standard and Extended numbers
Standard:
1-99
1300-1999
Extended:
100-199
2000-2699
IPV4 AND IPV6. Relate them to numbered and named ACLs
IPv6 only named ACLs
IPv4 only numbered and named ACLs
What is DTP?
DTP: dynamic desirable and dynamic auto to actively make trunks
Steps for finding routing order
1) Router looks at prefix length (most specific)
2) Lowest AD
3) Metric
What algorithm does OSPF have?
Dijkstra
How do OSPF and EIGRP differ in terms of knowing topology?
EIGRP relies on neighbors, OSPF has complete network vision
Reference bandwidth for EIGRP and OSPF
10 Mbps for EIGRP and 100Mbps for OSPF
PPP and HDLC differences
HDLC is Cisco proprietary
What is the difference between LCP and NCP? (For PPP)
LCP: Takes care of setting up a link
NCP: Makes sure we can send IP and other protocols across our PPP links
What algorithms are used for encryption?
AES, DES, DES56
What divides an AS into areas?
OSPF
What is path isolation and what technologies can be used to accomplish it?
Ensures authenticated users can access the virtual network resources appropriate to their credentials or locations.
GRE tunnel and MPLS VPNs
What is access control and what standard is used for it?
Prevents unauthorized users from accessing the virtual network at all
What does
RouterA(config-router)#
-and-
RouterA(config-rtr)#
represent?
OSPFv2
-and-
OSPFv3
How long does a DHCP server lease IP addresses to Host by default?
1 day
Before a user is authenticated, what type of traffic is allowed through the switch port?
EAPOL (Extensible Authentication Protocol over LANs), STP, and CDP (Cisco Discovery Protocol)
What command globally enables 802.1x on a switch?
dot1x system-auth-control
What does each option of the command ‘dot1x port-control [force-authorized/force-unauthorized/auto]’ do?
auto: enables authentication on the port, connection is between switch and host; however, if a host is configured with 802.1x authentication, the host will be authenticated
force-authorized: configures the port to authorize any host that connects to the port, no 802.1x authentication process will take place
force-unauthorized: configures a port to never allow authentication for a connected host
How do you configure the OSPF Hello and Dead timers?
ip ospf hello-interval
ip ospf dead-interval
What does …!! mean?
An ARP Resolution error
What does U.U.U mean?
ICMP Destination Unreachable error
What is FIB table?
Contains all prefixes from the IP routing table & structured in a way that is optimized for forwarding
What is an adjacency table?
Maintains Layer 2 addressing info for the FIB
What is an ARP table?
Contains Layer 3 to Layer 2 address translations
What is a CAM table?
Used to find the relationship between Layer 2 address and physical port to reach a device
What are serial interfaces most often used for?
To connect routers over point-to-point leased lines. Connects a service provider to another serial device at a remote location
What does “!A” mean in traceroute command?
It means there is an ACL applied
Where should “ip nat outside” and “ip nat inside” be issued?
“ip nat outside” should be issued on interface that is on the public side of the network
“ip nat inside” should be on the private side of the network
What does LWAPP protocol do?
Provides info exchange and other things between AP and a WLC (Wireless LAN controller)
“switchport port-security violation [protect/restrict/shutdown]”
Protect: Generates SNMP Trap: No; Generates Syslog message: No; Increments violation counter: No; Places port in error-disabled state: No
Restrict: Generates SNMP Trap: Yes; Generates Syslog message: Yes; Increments violation counter: Yes; Places port in error-disabled state: No
Shutdown: Generates SNMP Trap: No; Generates Syslog message: Yes; Increments violation counter: Yes; Places port in error-disabled state: Yes
What does “switchport nonegotiate” do?
To disable DTP
What does “switchport mode access” do?
Puts port into permanent access mode
What does “switchport mode dynamic auto” do?
Configures port to become trunk, only if the other end of the link is configured as a trunk or set to dynamic desirable mode
What does “switchport mode dynamic desirable” do?
Configures a port to actively negotiate to become a trunk port
When does a router send an ICMP destination unreachable error?
- If a gateway of last resort has not been configured on a router
- The remote network is not listed in the routing table on the router
Causes of collision domain slowness
- Malfunctioning NIC on an end-user workstation
- Duplex mismatches
- Interface errors
Causes of broadcast domain connectivity slowness (slow intra-VLAN)
- CPU is being overutilized
- Misconfigured default gateway
- Sluggish application on remote VLAN
What devices are on the physical level?
Hubs and repeaters
What does split horizon do?
Prevents routers from advertising a route through the same interface from which the route was learned
Where should BPDU guard be enabled?
On PortFast-enabled ports to prevent STP topology problems
What do virtual network services do?
To provide centralized access without compromising the security of the individual groups (Policing is a component of architecture)
What does a mismatch of MTU values do to two routers?
Causes a problem
How do you find info about DR and BDR?
show ip ospf neighbor
What is needed for VTP to synchronize VLAN config info between switches
- Switches must be connected by an ISL or 802.1q trunk link
- Case-sensitive VTP domain must match
- VTP version must match
How many subinterfaces for VTP
Connect a subinterface to each VLAN
IPv6 neighbor statuses
Incomplete, Reachable, Stale, Delay, Probe
What must be specified for the tunnel source? (GRE tunnel)
Must be specified as an IP address or an interface #
Where is the tunnel interface significant? (GRE tunnel)
It is locally significant
What must exist on a local router for GRE tunnel?
Route to the tunnel destination must exist on local router
What are the four steps to create a GRE tunnel?
1) Create tunnel interface
2) Assign IP address to tunnel interface
3) Specify a tunnel source interface or IP address
4) Specify a tunnel destination IP address
Does RIP carry subnet mask info?
No it doesn’t
Difference between collision and late collision
Collision: interruption before 64th byte
Late collision: interruption after 64th byte
What is a Runt, Baby Giant, Jumbo?
Runt: frame that is less than 64 bytes and has bad FCS
Baby Giant: frame that is up to 1600 bytes
Jumbo: frame that is up to 9216 bytes in length
What will router do if it detects an IP address conflict, in relation to DHCP pool
Router will remove the IP address from the DHCP pool
What switch will be elected as stack master?
Switch with highest priority value
How do you enable 802.1x authentication globally and on a single interface?
“dot1x system-auth-control”: for globally
“authentication port-control”: on a single interface
What is the default data link protocol for Cisco routers?
HDLC
When does a master switch election occur?
- A stack is reset
- Anything happens to Stack Master
- New switch is added to the stack
What are routers running BGP identified as?
BGP speakers
How do you find stratum of reference clock if you are NTP master?
Stratum of NTP client running on router?
Reference clock if NTP master: show ntp associations
Stratum of NTP client: show ntp status
What is MPLS (Multiprotocol Label Switching)?
Used to speed packet delivery over multiple protocols
What is the default configuration register value?
0x2102
How do you prepare a single port to accept traffic from multiple hosts?
First issue “authentication port-control auto”
Then, “authentication host-mode multi-host”
exec-timeout 3
login delay 5
What does 3 and 5 mean in this case?
- It will configure the login inactivity timer on a router to three minutes
- Minimum amount of time required between login attempts. 5 seconds in this case
What counts as a topology change for STP and RSTP?
What does STP detect as a topology change that RSTP doesn’t?
- A non-edge port moves to forwarding state
- A new root bridge is manually configured in topology
- When a switch in topology is powered off
However, only STP detects a port moving to blocking state as a topology change
What is a GARP? (Gratuitous ARP)
Commonly used to test for IP address conflicts or to prepopulate the ARP tables of adjacent network hosts
What is a RARP? (Reverse Address Resolution Protocol)
Used to translate hardware interface addresses to protocol addresses
How are active routers and standby routers determined?
Highest standby priority would be active router. If tied, higher IP address is used. 2nd highest is standby router
What are loop guards and with what should it not be used in conjunction?
Place inconsistent ports in blocking state. Should not be used in conjunction with PortFast or root guard
What are the first 24 bits of a 48-bit multicast MAC address?
0100.5E
What is the delay value of FastEthernet interfaces?
10
What do Native VLANs allow in relation to remote switches and 802.1q trunk links?
It allows traffic to be sent to remote switches over an 802.1q trunk link untagged
How do you configure a logical interface?
interface dialer 1
ip address negotiated
encapsulation ppp
pppoe-client dial-pool-number 1
Will HDLC work with different routers from various vendors?
No
Explain a hub-and-spoke technology
Every device or site is directly connected by a single interface to a central device or site
Where does Cisco recommend traffic to be classified and marked?
As close to the network edge as possible
After a host receives a DHCPACK packet, how long will a host wait before it attempts to renew?
12 hours
By how much do Spanning Tree root bridge priorities go up? What’s the third-lowest priority?
They go up by 4096.
Third lowest priority would be 8192
What is HMAC?
Mechanism that uses a hash function to verify the integrity of data transmitted over a VPN
What is Diffie-Hellman (DH)?
Secure method of exchanging public encryption keys over public network
Are link-local unicast addresses routable?
No